Index: lams_bb_integration/src/org/lamsfoundation/ld/integration/blackboard/LamsSecurityUtil.java =================================================================== RCS file: /usr/local/cvsroot/lams_bb_integration/src/org/lamsfoundation/ld/integration/blackboard/Attic/LamsSecurityUtil.java,v diff -u -r1.14 -r1.15 --- lams_bb_integration/src/org/lamsfoundation/ld/integration/blackboard/LamsSecurityUtil.java 17 Apr 2014 14:01:01 -0000 1.14 +++ lams_bb_integration/src/org/lamsfoundation/ld/integration/blackboard/LamsSecurityUtil.java 6 Aug 2014 19:36:21 -0000 1.15 @@ -61,11 +61,13 @@ * @param ctx * the blackboard contect, contains session data * @param method - * the mehtod to request of LAMS "author", "monitor", "learner" + * the mehtod to request of LAMS "author", "monitor", "learnerStrictAuth" + * @param lsid + * lesson id. It is expected to be present in case of "monitor" and "learnerStrictAuth" * @return a url pointing to the LAMS lesson, monitor, author session * @throws Exception */ - public static String generateRequestURL(Context ctx, String method) { + public static String generateRequestURL(Context ctx, String method, String lsid) { String serverAddr = getServerAddress(); String serverId = getServerID(); @@ -81,7 +83,7 @@ String firstName = ctx.getUser().getGivenName(); String lastName = ctx.getUser().getFamilyName(); String email = ctx.getUser().getEmailAddress(); - String hash = generateAuthenticationHash(timestamp, username, method, serverId); + String hash = generateAuthenticationHash(timestamp, username, method, lsid, serverId); String courseId = ctx.getCourse().getCourseId(); String locale = ctx.getUser().getLocale(); @@ -96,6 +98,10 @@ + URLEncoder.encode(reqSrc, "UTF8") + "&firstName=" + URLEncoder.encode(firstName, "UTF-8") + "&lastName=" + URLEncoder.encode(lastName, "UTF-8") + "&email=" + URLEncoder.encode(email, "UTF-8"); + + if ("learnerStrictAuth".equals(method) || "monitor".equals(method)) { + url += "&lsid=" + lsid; + } } catch (UnsupportedEncodingException e) { throw new RuntimeException(e); @@ -425,11 +431,16 @@ // } // generate authentication hash code to validate parameters - public static String generateAuthenticationHash(String datetime, String login, String method, String serverId) { + public static String generateAuthenticationHash(String datetime, String login, String method, String lsid, String serverId) { String secretkey = LamsPluginUtil.getSecretKey(); - String plaintext = datetime.toLowerCase().trim() + login.toLowerCase().trim() + method.toLowerCase().trim() - + serverId.toLowerCase().trim() + secretkey.toLowerCase().trim(); + //in case of learnerStrictAuth we should also include lsid value when creating hash: [ts + uid + method + lsid + serverID + serverKey] + //regular case: [ts + uid + method + serverID + serverKey] + String plaintext = "learnerStrictAuth".equals(method) ? datetime.toLowerCase().trim() + + login.toLowerCase().trim() + method.toLowerCase().trim() + lsid.toLowerCase().trim() + + serverId.toLowerCase().trim() + secretkey.toLowerCase().trim() : datetime.toLowerCase().trim() + + login.toLowerCase().trim() + method.toLowerCase().trim() + serverId.toLowerCase().trim() + + secretkey.toLowerCase().trim(); String hash = sha1(plaintext); return hash; Index: lams_bb_integration/web/modules/create.jsp =================================================================== RCS file: /usr/local/cvsroot/lams_bb_integration/web/modules/create.jsp,v diff -u -r1.16 -r1.17 --- lams_bb_integration/web/modules/create.jsp 5 Mar 2014 19:48:08 -0000 1.16 +++ lams_bb_integration/web/modules/create.jsp 6 Aug 2014 19:36:21 -0000 1.17 @@ -37,7 +37,7 @@ } // Get the Login Request URL for authoring LAMS Lessons - String authorUrl = LamsSecurityUtil.generateRequestURL(ctx, "author"); + String authorUrl = LamsSecurityUtil.generateRequestURL(ctx, "author", null); // Get the list of Learning Designs //String learningDesigns = LamsSecurityUtil.getLearningDesigns(ctx, 2); Index: lams_bb_integration/web/modules/learnermonitor.jsp =================================================================== RCS file: /usr/local/cvsroot/lams_bb_integration/web/modules/learnermonitor.jsp,v diff -u -r1.15 -r1.16 --- lams_bb_integration/web/modules/learnermonitor.jsp 5 Mar 2014 10:35:35 -0000 1.15 +++ lams_bb_integration/web/modules/learnermonitor.jsp 6 Aug 2014 19:36:21 -0000 1.16 @@ -45,9 +45,9 @@ // Get the LAMS access URLs String lsid = request.getParameter("lsid"); - String learnerUrl = LamsSecurityUtil.generateRequestURL(ctx, "learner") + "&lsid=" + lsid; - String monitorUrl = LamsSecurityUtil.generateRequestURL(ctx, "monitor") + "&lsid=" + lsid; - String liveEditUrl = LamsSecurityUtil.generateRequestURL(ctx, "author"); + String learnerUrl = LamsSecurityUtil.generateRequestURL(ctx, "learnerStrictAuth", lsid); + String monitorUrl = LamsSecurityUtil.generateRequestURL(ctx, "monitor", lsid); + String liveEditUrl = LamsSecurityUtil.generateRequestURL(ctx, "author", null); // Get Course ID and Session User ID BbPersistenceManager bbPm = BbServiceManager.getPersistenceService().getDbPersistenceManager(); Index: lams_bb_integration/web/modules/preview.jsp =================================================================== RCS file: /usr/local/cvsroot/lams_bb_integration/web/modules/Attic/preview.jsp,v diff -u -r1.5 -r1.6 --- lams_bb_integration/web/modules/preview.jsp 25 Feb 2014 20:55:45 -0000 1.5 +++ lams_bb_integration/web/modules/preview.jsp 6 Aug 2014 19:36:21 -0000 1.6 @@ -65,7 +65,7 @@ } //redirect to preview lesson - String previewUrl = LamsSecurityUtil.generateRequestURL(ctx, "learner") + "&lsid=" + lsId; + String previewUrl = LamsSecurityUtil.generateRequestURL(ctx, "learnerStrictAuth", lsId); response.sendRedirect(previewUrl); %>